ProFTPD Plugin for unRAID v6.8.x

[Moussa]

Will this plugin be updated for unRAID v6 or does it by any chance work anyway?

[SlrG]

It will be updated. But not at the moment. V6 is still beta and a lot of things are in the flux. I'll wait until final before I upgrade my server. And only then the plugin will follow. Sorry.

[Moussa]

It will be updated. But not at the moment. V6 is still beta and a lot of things are in the flux. I'll wait until final before I upgrade my server. And only then the plugin will follow. Sorry.

 

No problem, that makes perfect sense. Thanks!

[kvinmok]

looking for the version support UNRAID 6.

[SlrG]

I'm still on V5. Over the next week I will give V6 a go again. If the s3sleep problem I had on the last try is gone and it works for me, I'll look into the plugin.

 

But I'm not really sure how the best future would be. There are several options.

 

1) Try to get the plugin to work with V6 as it is now. It might be meaningless work, as changes in the next beta might break it again.

 

2) Wait for the V6 plugin system to be finished and convert the plugin to use that.

 

3) Drop the plugin route and create a docker container (There might be already something available? Did you look into that?)

 

4) Let people use a vm where it is much easier to install proftpd including graphical management tools like gadmin-proftpd.

 

For all ways there are pros and cons. What do you think?

[SlrG]

I added a modified version, which should work on v6b6. Please give it a try and report problems. For sql support maria db should be supported. The plugin is still in old unraid plugin design structure.

[Moussa]

I added a modified version, which should work on v6b6. Please give it a try and report problems. For sql support maria db should be supported. The plugin is still in old unraid plugin design structure.

 

Is this for b6 specifically or would it work for any of the earlier betas? I'm still on b3 as I'm waiting for Dynamix to support b4+.

[SlrG]

I did not test it on other betas, so I can't say for sure, but in theory it should work without problems. Just give it a try and report your findings. If you have trouble, we can try to solve them together.

[PicGrabber]

Hi guys....

 

Testing ProFTPD Plugin v1.3.5, unRaid v6.0-beta7.

 

I have it setup running perfectly, but I always need to start it manually.

I have enabled the ProFTP daemon, but it seems to make no effect.

 

Can someone give me a hand on this please.

[SlrG]

Before we start troubleshooting this, I think you should upgrade your server to beta 10a ASAP! Beta 7 and 8 have a DATA CORRUPTION ISSUE and could damage your data!

 

Once you have done that and checked your data, please post a full syslog when booting your system with the plugin enabled. This should give me a first idea what is going wrong. Also the newest betas introduce a new plugin framework and the plugin is not yet adapted to support this. I'll have a look at this in the future, but it'll take some time, as I'm rather busy in real life at the moment.

[simpic]

Hello,

 

I would like to use your plugin to restrict access to certain DIR's only for a ftp user.

 

I have set up the user as per the instructions and it can log in...

 

Dec  5 14:33:29 unRaid proftpd[26355]: 127.0.0.1 (192.168.1.1[192.168.1.1]) - FTP session opened. 
Dec  5 14:33:29 unRaid proftpd[26355]: 127.0.0.1 (192.168.1.1[192.168.1.1]) - USER xxxx: Login successful. 

 

But then the following error is received in the FTP client...

 

Status:	Connection established, waiting for welcome message...
Response:	220 ProFTPD 1.3.5 Server (ProFTPD) [192.xxx.xxx.xxx]
Command:	USER xxxx
Response:	331 Password required for xxxx
Command:	PASS *************
Response:	230 User xxxx logged in
Status:	Server does not support non-ASCII characters.
Status:	Connected
Status:	Retrieving directory listing...
Command:	PWD
Response:	257 "/" is the current directory
Command:	TYPE I
Response:	200 Type set to I
Command:	PASV
Response:	227 Entering Passive Mode (xxxx).
Status:	Server sent passive reply with unroutable address. Using server address instead.
Command:	MLSD
Error:	Connection timed out
Error:	Failed to retrieve directory listing

 

I get this error no matter what I set the dir to be in the user description.

 

Any ideas?

[SlrG]

What version of unraid do you use? If you are on v6b I would recommend to not use the plugin for now.

[simpic]

What version of unraid do you use? If you are on v6b I would recommend to not use the plugin for now.

 

Hi,

 

5.05

 

I have not gone to 6 yet.

 

 

[SlrG]

Okay, then at least it should work normally. Do you get any syslog messages when logging in? Please post the full syslog, after booting your server and logging in and out of the ftp. Also please describe the directory structure a little, do the directory names have special chars in them? How did you create them? Remote from some other system? What OS are you using there? Please post a screenshot of the restricted ftp users details. Do you have other plugins running? Which ones?

 

regards

 

SlrG

[simpic]

Hello,

 

Here is the full syslog... http://pastebin.com/34fi0FG1

 

The dir structure is pretty standard I think. No special chars. All created via the unraid gui.

 

/mnt/user/<share name>

 

Plugins are listed in the syslog.

 

The user I'm trying to get to work is rhys. The description field has this in it...

 

ftpuser /mnt/user

 

I want that user to have access to all the shares under user.

 

The error is as mentioned in the previous post but it does not show in the syslog.

 

 

 

[SlrG]

Thank you for the syslog. As far as I can see, the plugin installs correctly. Your user setup seems to be fine too. Reading your log and your error message above, the user logs in quite fine. So the non-ASCII chars message is propably not the problem. I just noticed I have that too in my connect message. (Normally it scrolls by so fast I've never seen it before and as everything worked, I've had no reason to look for it.)

 

What seems to be the real problem is this:

Status: Server sent passive reply with unroutable address. Using server address instead.

Command: MLSD

Error: Connection timed out

Error: Failed to retrieve directory listing

 

The connection times out, because something goes wrong with the ip address the server replies with. What FTP client are you using? Can you try to connect in the shell of your server? Enter "ftp yourservername" then enter the username and password and once connected enter "dir"? Does it work then?

[simpic]

Thanks for the response.

 

I can get a reply to dir if I do the following...

 

root@unRaid:~# ftp unraid
Connected to unRaid.
220 ProFTPD 1.3.5 Server (ProFTPD) [127.0.0.1]
500 AUTH not understood
Name (unraid:root): rhys
331 Password required for rhys
Password:
230 User rhys logged in
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> dir
200 PORT command successful
150 Opening ASCII mode data connection for file list
drwxrwxrwx   5 nobody   users         104 Dec 12 03:41 cache
drwxrwxrwx   6 nobody   users         128 Dec 11 08:09 disk1
drwxrwxrwx   6 nobody   users         128 Mar 28  2013 disk2
drwxrwxrwx   7 nobody   users         152 Mar 30  2013 disk3
drwxrwxrwx   8 nobody   users         176 Apr  5  2013 disk4
drwxrwxrwx  10 nobody   users         224 Dec  6 19:44 disk5
drwxrwxrwx   4 nobody   users          80 Mar 26  2013 disk6
drwxrwxrwx   4 nobody   users          80 Mar 26  2013 disk7
drwxrwxrwx   4 nobody   users          80 Mar 26  2013 disk8
drwxrwxrwx   4 nobody   users          80 Mar 26  2013 disk9
drwxrwxrwx   1 nobody   users         104 Dec 12 03:41 user
drwxrwxrwx   1 nobody   users         128 Dec 11 08:09 user0
226 Transfer complete
ftp>

 

But not when trying to connect to the external address...

 

root@unRaid:~# ftp taffhill.noip.me:2121

ftp: taffhill.noip.me:2121: unknown host

 

That would imply that the address is wrong, yet the port 2121 is open and forwarded to unraid:21. The syslog seems to indicate that when I connect using WINSCP using taffhill.noip.me on 2121 it is successful but no reply from dir.

 

 

Could this be a WINSCP setting?

 

 

[simpic]

Tried with a different client which has better logging...

 

[16:55:25] SmartFTP 6.0.2103.0
[16:55:25] 1>Resolving host name "xxxx.noip.me"
[16:55:25] 1>Connecting to 86.xxx.xxx.xxx Port: 2121
[16:55:25] 1>Connected to xxxxx.noip.me.
[16:55:25] 1>220 ProFTPD 1.3.5 Server (ProFTPD) [192.168.x.x]
[16:55:25] 1>USER rhys
[16:55:25] 1>331 Password required for rhys
[16:55:25] 1>PASS (hidden)
[16:55:25] 1>230 User rhys logged in
[16:55:25] 1>SYST
[16:55:25] 1>215 UNIX Type: L8
[16:55:25] 1>Detected Server Type: UNIX
[16:55:25] 1>RTT: 6.387 ms
[16:55:25] 1>FEAT
[16:55:25] 1>211-Features:
[16:55:25] 1> MDTM
[16:55:25] 1> TVFS
[16:55:25] 1> MFMT
[16:55:25] 1> SIZE
[16:55:25] 1> MFF modify;UNIX.group;UNIX.mode;
[16:55:25] 1> REST STREAM
[16:55:25] 1> MLST modify*;perm*;size*;type*;unique*;UNIX.group*;UNIX.mode*;UNIX.owner*;
[16:55:25] 1> EPRT
[16:55:25] 1> EPSV
[16:55:26] 1>211 End
[16:55:26] 1>Detected Server Software: ProFTPD
[16:55:26] 1>PWD
[16:55:26] 1>257 "/" is the current directory
[16:55:26] 1>TYPE A
[16:55:26] 1>200 Type set to A
[16:55:26] 1>PASV
[16:55:26] 1>227 Entering Passive Mode (192,x,x,x,172,101).
[16:55:26] 1>Passive IP address returned from server different from server IP.
[16:55:26] 1>Replacing received PASV address 192.168.xx.xx by server address 86.xxx.xxx.xxx.
[16:55:26] 1>Opening data connection to  86.xxx.xxx.xxx Port: 44133
[16:55:26] 1>MLSD
[16:55:47] 1>A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.
[16:56:47] 1>Timeout (60s).
[16:56:47] 1>Client closed the connection.

[SlrG]

You propably need to masquerade the unraid servers address with the one you get from noip. (See here: http://www.proftpd.org/docs/howto/NAT.html) You have to add a rule

 

MasqueradeAddress	ftp.mydomain.com  # using a DNS name
PassivePorts 60000 65535	# These ports should be safe...

 

replace the ftp.mydomain.com with your noip dns name.

 

Also you'll have to define and forward the passive ports in your router.

[simpic]

Hello,

 

Got it working after getting the passive ports forwarded properly.

 

It will only work if the control connection is on port 21 though. Not is I connect on a different port and forward it to 21.

 

Thanks for your help.

[SlrG]

I'm happy you got it working.

[wolfer14]

Got the plugin up and running....How do I log in?

[SlrG]

Did you already define a user/users with ftp access? (See the README.txt on how to do that). Restart the plugin afterwards.

 

Then you will have to decide if you want to connect from your local network or from the outside. Please always check if logging in works from the local network, before trying to get it working from the outside. Also be aware, that direct outside login is potentially dangerous.

 

In both cases log in to a ftp service is done via a ftp client software (e.g. FileZilla).

 

You give that the name of your server or your servers ip and the port you have set for the ftp service (default is 21). It will then connect and ask for the name and the password of an user you created for ftp access. It should then login to the homedir you defined for that user.

 

If you want to access your ftp service from the outside you have to check if you get a fixed ip from your provider, or if not, get yourself some dynamic dns service, that provides you with a fixed name you can use to access your router. In the router you then setup a vpn and once you have the vpn tunnel running you can connect like you were in your local lan.

 

Another (less secure) way is to forward a port from your router to port 21 on your unraid server. On the router don't use port 21 but a different higher one. Depending on your router the forwarding of additional ports for passive ftp will be necessary. You can than connect from the outside with the client software using the dynamic dns name and the higher port you defined.

 

Please excuse the lengthy explanation, but your question leaves much room for interpretation in what you really want to do. Also if what I'm writing sounds way to complicated for your taste, it might be better to not use ftp or start with a deeper research on how to use it and its security implications.

 

[tungnt]

Hello SlrG,

 

I downloaded the file proftpd_v6.plg at the first page of this thread and installed it by copying it to /boot/config/plugins. However, when I rebooted, the system restarted and loaded almost all things and then halted (it did not come to the login@ screen). I removed the file  proftpd_v6.plg from the plugins folder, then the system runs normally. The version of Unraid I am running is 6.1~beta10, Unraid server plus.

 

Is there any way to solve this issue?

 

Thank you

 

tungnt

[SlrG]

Well the thread title says this plugin is for version v5.0.5 and v6b6 only. So it is not compatible with the changes done to the plugin system in  the newer betas. It won't run and cause problems for your system. Sorry.

 

The only way would be to adapt it to the plugin system of the newest unraid version.

 

If I have time, I'll have a look at it again. But at the moment I just don't have that time.